Latest cyberattack on Iran targets oil export facilities

Computer servers at the government oil ministry and the National Iranian Oil Co. are the apparent target of a cyberattack via a data-deleting virus, Iranian officials have acknowledged. Previous attacks struck at Iran's nuclear program.

Gas flares from an oil production platform, as an Iranian flag is seen in the foreground, at the Soroush oil fields in the Persian Gulf, some 776 miles south of the capital Tehran, in this July 2005 file photo.

Raheb Homavandi/Reuters/File

Iran's oil export facilities are the apparent target of computer malware, an attack that penetrated computer servers at both the government oil ministry and the National Iranian Oil Co.

The cyberattack – one of several Iran has endured over the past few years – comes as Iran and an international coalition of six nations, including the US, prepare for more talks next month over the extent of Iran's nuclear ambitions. To put pressure on Iran to cooperate with efforts to verify the scope of its nuclear program, the United States has been discouraging the international community from buying Iranian oil.

Alireza Nikzad, a spokesman for Iran's oil ministry, told the Fars news agency, which has ties to the government, that Sunday's attack was a "virus" that "attempted to delete data on oil ministry servers." Another Iranian news agency cited Mr. Nikzad as identifying the virus as Viper.

"This cyberattack has not damaged the main data of the oil ministry and the National Iranian Oil Company (NIOC) since the general servers are separate from the main servers; even their cables are not linked to each other and are not linked to Internet service," Nikzad said in the reports. "We have a backup from all our main or secondary data, and there is no problem in this regard."

But in another statement posted on the oil ministry's news website, SHANA, Nikzad said the virus did indeed wipe some data from official servers – but with limited damage, Agence France Presse reported.

"To say that no data was harmed is not right. Only data related to some of the users have been compromised," Nikzad said, according to AFP. Websites of the Iranian oil ministry and NIOC were also knocked offline, reports said.

The cyberattack on Iran's oil facilities could be perpetrated by a nation sending Iran a not-too-subtle message: Start negotiating with the international community over your nuclear weapons program or lose the ability to export oil, say some US cyberwarfare experts. Or, it could be the work of a lone hacker taking a digital potshot.

Either way, Iran is expected to take the attack seriously, these experts say.

"It looks like this virus was not designed to attack the industrial control systems that operate Iran's oil-pumping operations," says John Bumgarner, research director for the US Cyber Consequences Unit, a nonprofit security think tank that advises government and industry. "If it had been, the attackers could have done serious damage to those plants. By taking over servers and wiping the data so they can't function, that's only a temporary disruption – possibly one designed mainly to send a message like, 'We are in your oil export system, so you better start negotiating.' "

Whether or not that's the message, it's clear that Iran has been hit with a barrage of cyberattacks, including Stuxnet, the world's first publicly identified cyber superweapon. In 2009 it began sabotaging Iran's Natanz nuclear centrifuge facility, eventually destroying 1,000 centrifuges and setting the program back by years, some experts say.

Iran also has had to deal with Duqu, a sophisticated espionage program that appears to have targeted industrial networks inside the country. Another attack, about which little is understood, is said to involve a malicious cyberweapon that Iranian officials dubbed "Stars."

In response to this activity, Iran has said it is ramping up a cybermilitary unit. Hamdollah Mohammadnejad, deputy oil minister in charge of civil defense, also said a special unit had been set up to confront the Viper attack, the Associated Press reported.

Other possible messages from the Viper attack? Perhaps a warning about the US stealth drone that went down in Iran in December. Iran acknowledged the Viper attack on the day after Tehran announced it had reverse engineered the sophisticated drone and would begin developing an Iranian duplicate.

"This is not a big, noisy violation of national sovereignty," Mr. Lewis adds. "And it just doesn't create the same level of outrage that an air attack or a commando team would create. It's low political risk – no worries about captured pilots or agents. This makes cyberattack attractive."

Others, however, say such cyberattacks won't succeed as a tool to press Iran to curtail its nuclear program, which Iran's foes see as a fig leaf for creating a nuclear bomb.

If that's the intent, "it's unlikely to be effective," says Douglas Shaw, assistant professor at George Washington University's Elliott School of International Affairs and an expert on nuclear nonproliferation and arms control. Iran's defiance of the international community has been longstanding, he notes. It has also been hit already by more formidable cyberweapons, without any sign of undermining Iran's determination to continue with its nuclear program, he says.

The peril of using cyberweapons to sabotage Iran's oil exports is that such actions could trigger a cyberwar.

"If you start engaging in cyberattacks with physical consequences, thereby blurring the line between increasing international pressure and war, that strikes me as unlikely to succeed," says Dr. Shaw. "If the Iranians ever think they can detect a return address [for these cyber attacks], then I think it's highly likely we will see escalation."